by alinajaf
4570 days ago
> Because knowledge of the secret_key_base allows an attacker to read and manipulate an application’s cookies, checking the value in was never a good idea.

So FYI, "read and manipulate an application's cookies" is strictly the same as "run arbitrary Ruby code in your Rails application process". I would upgrade "never a good idea" to "completely and catastrophically exposes your application to remote code execution" in this paragraph.